Rundll32: The Infamous Proxy for Executing Malicious Code

Take a deeper dive into an often abused Microsoft-signed tool, the infamous rundll32.exe, which allows adversaries to execute malicious code during their offensive operations through a technique which we explain in detail

A taste of the latest release of QakBot

Emulating the Infamous Modular Banking Trojan BokBot - AttackIQ

Emulating North Korean Adversary BlueNoroff - AttackIQ

The Duqu 2.0: Technical Details

Persistent pests: A taxonomy of computer worms - Red Canary

Microsoft warns of Dexphot miner, an interesting polymorphic threat

3 Malware Loaders You Can't (Shouldn't) Ignore - ReliaQuest

Rundll32: The Infamous Proxy for Executing Malicious Code

FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distr - exploit database

The second program that was found is rundll32exe which is a Microsoft signed

Cybereason auf LinkedIn: Rundll32: The Infamous Proxy for Executing Malicious Code

Rundll32: The Infamous Proxy for Executing Malicious Code

Rundll32: The Infamous Proxy for Executing Malicious Code

Rundll32: The Infamous Proxy for Executing Malicious Code

Detecting IcedID: The Latest Campaign Against Ukrainian Government Bodies - SOC Prime